Phishing and its many variants are still a major threat on today's Internet. Email phishing is still a dominant attack type. You receive an email that usually claims to come from a legitimate company or service, in order to steal your passwords or other data, or to gain access to information.
Experienced Internet users may detect most phishing emails immediately. One look at the sender's email address or the content of the email, and they know whether it is legitimate or not. Yes, a deep dive into the mail headers is usually the better option to determine whether an email is real or fake, but often, that is not necessary. If you get a claim from a company that you do not do business with, you can almost be certain that the email that you received is not legitimate.
Decade-old best practices against phishing still reign supreme. Do not click on links, do not use information to call someone, send them a message, or open a website listed in the phishing email. Bad grammar or spelling used to be a good indicator, but the increased use of AI by threat actors is eliminating most of that in emails.
If you are unsure, you may also hover with the mouse over links in phishing emails. At least on desktop systems, you see the link target. Often, it is a destination that has nothing to do with the entity the email supposedly came from. Even if a URL shortener is used or a new strategy is implemented, like showing mailto links instead of web links, it should ring the alarm bells loud and clear immediately.
On mobile, you may be able to long-press on links to display a context menu with options or information. There is still the risk of accidentally opening a link that you want to check though.
The following email, for example, has quite a few red flags. The sender claims that the recipient has to pay customs duties for a parcel transported by DHL.
Apart from the sender's email, it is the link that provides you with additional information. It screams fake, and if you used DHL before, you know that the company does not use the t.co URL shortening service.
Hovering over links may help you distinguish fake emails from real ones. I still recommend that you open links manually only. If you get an email from your bank, a shopping site, or any other service or site that you use, you could still open it manually in your browser instead of clicking on a link, if you believe that there is a high chance that the email is legitimate.
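The hover check can also be run over an HTML message body without opening anything. The following Python sketch is an added example, not part of the original article: it lists each link's real target and flags the warning signs named above (URL shortener, mailto link, a host unrelated to the claimed sender, visible text that names a different host). The shortener list, flag names and sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}  # assumption: short illustrative list
# Constructed sample body modelled on the parcel-customs email described above.
SAMPLE = ('<a href="https://t.co/EXAMPLE">www.dhl.com/pay-duties</a>'
          '<a href="mailto:payments@customs-desk.example">Contact support</a>'
          '<a href="https://www.dhl.com/tracking">Track your parcel</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scheme_and_host(url):
    try:
        parts = urlsplit(url.strip())
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:  # malformed URL: treat as having no scheme or host
        return "", ""

def check_links(html_body, claimed_domain):
    """Return [(href, flags)]; claimed_domain is the domain the email claims to be from."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        (scheme, host), flags = scheme_and_host(href), []
        if scheme == "mailto":
            flags.append("mailto-instead-of-web-link")
        elif host in SHORTENERS:
            flags.append("url-shortener")
        elif host != claimed_domain and not host.endswith("." + claimed_domain):
            flags.append("host-not-claimed-domain")
        # Visible text that looks like a URL but names a different host than the target.
        if "." in text and " " not in text:
            shown = scheme_and_host(text if "://" in text else "//" + text)[1]
            if shown != host:
                flags.append("text-differs-from-target")
        report.append((href, flags))
    return report
```

Calling `check_links(SAMPLE, "dhl.com")` returns one entry per link; an empty flag list means only that none of these checks fired, not that the link is safe.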
Now You: How do you handle the threat of phishing? Do you use specialized security tools to protect against phishing attacks? Feel free to leave a comment down below.
Thank you for being a Ghacks reader. The post Hovering over links in emails is still one of the best defenses you have against phishing appeared first on gHacks Technology News.